442 Open source projects that are alternatives of or similar to Intersect 2.5

A list of web application security

Hack the World using Termux

Burp extension to passively scan for applications revealing software version numbers

A distributed nmap / masscan scanning framework complete with an API client for automation workflows

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

metasploit-framework 图形界面 / 图形化内网渗透工具

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

OSINT Tool: Generate username lists for companies on LinkedIn

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell

Simple Karma Attack

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

An open-source post-exploitation framework for students, researchers and developers.

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

NetCat for Windows

Self contained htaccess shells and attacks

Penetration Testing notes, resources and scripts

Discover Your Attack Surface!

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Dradis Framework: Colllaboration and reporting for IT Security teams

Random IPv6 - circumvents restrictive IP address-based filter and blocking rules

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Gorsair hacks its way into remote docker containers that expose their APIs

A framework for Backdoor development!

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

linux post-exploitation framework made by linux user

IPv6 attack toolkit

ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication

Collection of tips, tools and tutorials around infosec

Ruby on Rails Phishing Framework

Steganography brute-force utility to uncover hidden data inside files

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

A Golang implant that uses Slack as a command and control server

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

USB Rubber Ducky type scripts written for the DigiSpark.

This cheasheet is aimed at the CTF Players and Beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles.

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

Web Application Security Scanner

DotDotPwn - The Directory Traversal Fuzzer

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

A Python-powered exploitation framework and botnet.

Orc is a post-exploitation framework for Linux written in Bash

A web front-end for password cracking and analytics

Network Pivoting Toolkit

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

A tool to automate penetration tests

fsociety Hacking Tools Pack – A Penetration Testing Framework

Modern tactical exploitation toolkit.

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Infection Monkey - An automated pentest tool

.NET 4.0 Remote Desktop Manager Password Gatherer